Dozzle Code Issue Vulnerability
Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 had code vulnerabilities. These vulnerabilities stemmed from the fact that the POST /api/notifications/test-webhook endpoint was not authenticated during default...
IBM webMethods Integration Code Issue Vulnerability
IBM webMethods Integration is a hybrid enterprise iPaaS offered by International Business Machines (IBM). There are code vulnerabilities in versions 10.15 and later of IBM webMethods Integration, as well as in versions IS10.15CoreFix2611.1 and 11.1, up to IS11.1CoreFix10. These vulnerabilities stem...
OpenHarmony Code Issue Vulnerability
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier have code vulnerabilities that can be exploited by attackers to cause denial-of-service attacks...
Apache OFBiz Code Issue Vulnerability
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained code vulnerabilities, which were caused by server-side request forgei...
Apache OFBiz Code Issue Vulnerability
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained code vulnerabilities, specifically a server-side request forgery...
Open WebUI Code Issue Vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.5.11 have code vulnerabilities. These vulnerabilities stem from the PDF export feature, where user input is interpreted as HTML and embedded in PDFs. Additionally,...
GitLab Code Issue Vulnerability
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were code-related vulnerabilities in versions prior to GitLab EE...
nuxt-og-image Code Issue Vulnerability
nuxt-og-image is a tool developed by Nuxt Modules for generating social media previews for Nuxt applications. Versions of nuxt-og-image from 6.2.5 to 6.4.9 had code issues and vulnerabilities. These vulnerabilities stemmed from an incomplete blocklist for the isBlockedUrl function, which could le...
AMD AIM-T Manageability Service Code Issue Vulnerability
AMD AIM-T Manageability Service is an industrial-grade remote device management service provided by American semiconductor company AMD. It supports operations and maintenance of edge computing nodes. There are code vulnerabilities in AMD AIM-T Manageability Service. These vulnerabilities stem fro...
Strapi Code Issue Vulnerability
Strapi is an open-source content management system (CMS) developed by the Strapi community in France. Versions of Strapi prior to 5.33.3 had code vulnerabilities. These vulnerabilities stemmed from a lack of default functionality to invalidate existing refresh token sessions when a user’s password...
Palo Alto Networks PAN-OS Code Issue Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There are code vulnerabilities in Palo Alto Networks PAN-OS, and these vulnerabilities can lead to multiple denial-of-service attacks. Unauthorized attackers may exploit these vulnerabilitie...
libcurl Code Issue Vulnerability
libcurl is an open-source, free, and easy-to-use client URL transfer library for cURL. There are code vulnerabilities in libcurl, stemming from errors in connection reuse logic. These vulnerabilities may cause SMB transfers to incorrectly reuse existing connections to different shares, resulting ...
Microsoft Azure Monitor Agent Code Issue Vulnerability
Microsoft Azure Monitor Agent is a monitoring agent program developed by the American company Microsoft. There are code-related vulnerabilities in Microsoft Azure Monitor Agent. Attackers can exploit these vulnerabilities to gain higher privileges...
Microsoft SharePoint Code Issue Vulnerability
Microsoft SharePoint is a corporate business collaboration platform developed by Microsoft Corporation in the United States. This platform is used for integrating business information and enabling sharing of work, collaboration with others, organization of projects and teams, as well as searching...
Geyser Code Issue Vulnerability
Geyser is a cross-platform game version bridging proxy tool developed by GeyserMC. Versions of Geyser prior to 2.9.3 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgery when processing texture data for players’ heads in Minecraft. This allowed attackers...
Sonatype Nexus Repository Manager Code Issue Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.91.1 contained code vulnerabilities. These...
Official Clerk JavaScript SDKs Code Issue Vulnerability
The Official Clerk JavaScript SDKs are an open-source repository for Clerk authentication purposes. These SDKs have code vulnerabilities that can lead to false positives during authorization checks. This occurs when functions like has and auth.protect, along with related authorization predicates,...
PraisonAI Code Issue Vulnerability
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.6.32 contained code vulnerabilities. These vulnerabilities stemmed from logical flaws in the URL checking logic, which could allow attackers to bypass the checks and execute...
SecureForge: Finding and Preventing Vulnerabilities in LLM-Generated Code Via Prompt Optimization
LLM coding agents now generate code at an unprecedented scale, yet LLM-generated code introduces cybersecurity vulnerabilities into codebases without human involvement. Even when frontier models are explicitly asked to write secure production code with relevant weaknesses to avoid in context, we...
CI4MS Code Issue Vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. There were code issues and vulnerabilities in versions of CI4MS from 0.26.0 to 0.31.8.0. These vulnerabilities stemmed from the auth filter disabling the check for banning/banned users...